In cybersecurity, it is better not to be confident too soon. After World Travelers, who had recently mistakenly believed to have circumscribed a computer attack by ransomware, it is the Swiss who have recently become disillusioned. At the end of last week, the Swiss national center for cybersecurity thus revised upwards its estimate of the damage caused by the hacking of the IT service provider Xplain, a disaster which finally affected the Swiss administration.
Sensitive customers
Contrary to initial findings, it turns out that operational data was ultimately affected in this computer intrusion claimed by the Play Ransomware gang of cybercriminals. A particularly problematic point. As the Swiss newspaper Le Temps points out, Xplain provides IT services to public organizations in the security sector, cantonal police, the Swiss army and the Federal Office of Police.
The computer attack, spotted by the media Watson, had been unveiled at the end of May on the site of the cybercriminals of Play Ransomware. They then claimed to have stolen more than 900 gigabytes of data, which began to be published from the beginning of June. According to Le Temps, these are documents relating to ongoing IT projects with Swiss policies, identifiers or even contracts or other technical documents.
Filing a complaint
If the crisis is deeper than expected, the Swiss federal administration believes that its computer systems are not directly accessible via Xplain, which still limits the possibilities of rebound from hackers. The victim provider, who told the press that he did not want to pay a ransom, filed a complaint.
In France, the Play gang attacked the Alpes-Maritimes department in particular last November. This criminal group was spotted about a year ago by Trend Micro researchers.